SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5477)

Description

This is a respin of the previous kernel update, which was retracted
due to an IDE-CDROM regression, where any IDE CDROM access would hang
or crash the system. Compared to that update, only this problem was
additionally fixed.

This kernel update fixes the following security problems :

On x86_64 a denial of service attack could be used by
local attackers to immediately panic / crash the
machine. (CVE-2008-1615)

Fixed an SMP ordering problem in fcntl_setlk that could
potentially allow local attackers to execute code by
timing file locking. (CVE-2008-1669)

Fixed a resource starvation problem in the handling of
ZERO mmap pages. (CVE-2008-2372)

The asn1 implementation in the Linux kernel, as used in
the cifs and ip_nat_snmp_basic modules, does not
properly validate length values during decoding of ASN.1
BER data, which allows remote attackers to cause a
denial of service (crash) or execute arbitrary code via
(1) a length greater than the working buffer, which can
lead to an unspecified overflow; (2) an oid length of
zero, which can lead to an off-by-one error; or (3) an
indefinite length for a primitive encoding.
(CVE-2008-1673)

Various tty / serial devices did not check function
pointers for NULL before calling them, leading to
potential crashes or code execution. The affected
devices are usually only accessible by the root user,
though. (CVE-2008-2812)

A missing permission check in mount changing was added.
Its absence could have been used by local attackers to
change the mount directory. (CVE-2008-2931)
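
The three length conditions listed for CVE-2008-1673, shown as an added example (this is not the kernel's code or the actual patch): a small BER header check that rejects each case before any content is read. The function name, error codes and sample bytes are constructed for illustration; the sketch assumes single-byte tags and does not walk indefinite-length constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ber_err { BER_OK, BER_TRUNCATED, BER_UNSUPPORTED, BER_LEN_TOO_BIG,
               BER_EMPTY_OID, BER_INDEFINITE_PRIMITIVE };

/* Validate one BER TLV at buf[0..avail); on BER_OK, report the content span. */
enum ber_err ber_check_tlv(const uint8_t *buf, size_t avail,
                           const uint8_t **content, size_t *content_len)
{
    size_t pos = 2, len = 0, n;   /* pos: first byte after identifier + length octet */

    if (avail < 2) return BER_TRUNCATED;
    uint8_t id = buf[0], first = buf[1];
    if ((id & 0x1f) == 0x1f) return BER_UNSUPPORTED;  /* multi-byte tag: out of scope */
    if (first == 0x80)            /* indefinite length; case (3) if primitive */
        return (id & 0x20) ? BER_UNSUPPORTED : BER_INDEFINITE_PRIMITIVE;
    if (first & 0x80) {           /* long form: n length octets follow */
        n = first & 0x7f;
        if (n > sizeof(size_t)) return BER_LEN_TOO_BIG;  /* would not fit in size_t */
        if (n > avail - pos) return BER_TRUNCATED;
        while (n--) len = (len << 8) | buf[pos++];
    } else {
        len = first;              /* short form */
    }
    if (len > avail - pos) return BER_LEN_TOO_BIG;    /* case (1): exceeds the buffer */
    if (id == 0x06 && len == 0) return BER_EMPTY_OID; /* case (2): zero-length OID */
    *content = buf + pos;
    *content_len = len;
    return BER_OK;
}

/* Constructed sample encodings, not captured traffic. */
static const uint8_t ok_oid[]     = { 0x06, 0x03, 0x2b, 0x06, 0x01 };
static const uint8_t too_long[]   = { 0x04, 0x82, 0x01, 0x00, 0x41 };
static const uint8_t empty_oid[]  = { 0x06, 0x00 };
static const uint8_t indef_prim[] = { 0x04, 0x80, 0x41, 0x00, 0x00 };

int main(void)
{
    const uint8_t *c; size_t n;
    printf("%d %d %d %d\n", ber_check_tlv(ok_oid, sizeof ok_oid, &c, &n),
           ber_check_tlv(too_long, sizeof too_long, &c, &n),
           ber_check_tlv(empty_oid, sizeof empty_oid, &c, &n),
           ber_check_tlv(indef_prim, sizeof indef_prim, &c, &n));
    return 0;
}
```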

Additionally, a very large number of bugs were fixed. Details can be
found in the RPM changelog of the included packages.

OCFS2 has been upgraded to the 1.4.1 release :

Endian fixes

Use slab caches for DLM objects

Export DLM state info to debugfs

Avoid ENOSPC in rare conditions when free inodes are
reserved by other nodes
